PT-2019-6359 · Python+7 · Psutil+7

Riccardo Schirone

Published

2019-11-07

Updated

2021-11-09

CVE-2019-18874

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions psutil versions through 5.6.5

Description The issue is related to a double free error in the Psutil library, which is used for tracking computer resources. This error occurs due to incorrect reference count handling when converting system data into a Python object within loops. Exploitation of this issue can allow a remote attacker to cause a denial of service.

Recommendations For psutil versions through 5.6.5, update to a version later than 5.6.5 to resolve the issue.

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALSA-2021:4162

ALSA-2021:4324

ALT-PU-2020-1709

ALT-PU-2020-1771

AZL-6810

BDU:2023-03812

CESA-2021_4162

CESA-2021_4324

CVE-2019-18874

DLA-1998-1

GHSA-QFC5-MCWQ-26Q8

MGASA-2019-0370

OESA-2021-1412

PYSEC-2019-41

RHSA-2020:2583

RHSA-2020:2593

RHSA-2020:2635

RHSA-2020:4299

RHSA-2021:1313

RHSA-2021:4162

RHSA-2021:4324

RHSA-2021_4162

RHSA-2021_4324

RLSA-2021:4162

RLSA-2021:4324

SUSE-RU-2020:2072-1

SUSE-SU-2019:3068-1

SUSE-SU-2020:1901-1

USN-4204-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Red Hat

Rocky Linux

Ubuntu

Psutil

PT-2019-6359 · Python+7 · Psutil+7

CVE-2019-18874

Weakness Enumeration

Related Identifiers

Affected Products

References · 174